Hackin9

InfoSec News


Since it is a holiday week (at least here in the United States) thought I would put up a new poll question. Unlike previous ones, this one is open-ended and comment-only. What do you think the top 5 unresolved or underresolved security issues are of 2012? What do you think is eating our lunch out there that we lack the tools or techniques to handle?

--

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Securing Good Technology's mobile device management (MDM) offerings while exploring future tech developments is CTO Nicko van Someren's top priorities.
 
Too many information security executives struggle to sell their metrics efforts to the C-suite.
 

--

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Intel CEO Paul Otellini is getting ready to leave the company, and analysts say this could be a positive change for the world's largest chip maker.
 
A few major retailers want to get a jump on Cyber Monday by launching their online sales over the Thanksgiving weekend.
 
The U.S. Federal Trade Commission may be headed toward an "unwarranted" power grab in its antitrust investigation of Google, two lawmakers from Silicon Valley have said.
 
The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
 
Security researchers from antivirus vendor Symantec have uncovered a piece of malware that uses Google Docs, which is now part of Google Drive, as a bridge when communicating with attackers in order to hide the malicious traffic.
 
The PaaS (platform as a service) market will grow to US$1.2 billion this year, up from last year's $900 million take, as vendors and customers seek easier ways to create new applications and customize existing ones, according analyst firm Gartner.
 
The sale of one of the divisions of AuthenTec, the security specialist Apple acquired earlier this year, is being seen as an indication of the iPhone maker's plans for the company's technology


 
Novell File Reporter 'NFRAgent.exe' Multiple Security Vulnerabilities
 
Real Networks RealPlayer RV20 Frame Size Remote Code Execution Vulnerability
 
Computer sellers have scaled back their expectations of the sales pop they'll get from Windows 8 this year, an analyst said today.
 
Hundreds of early users of two Windows Phone 8 smartphones have complained of recurring and random reboots on Nokia's Lumia 920 and the HTC 8X smartphones.
 
Manage Engine Exchange Reporter v4.1 - Multiple Web Vulnerabilites
 
n.runs-SA-2012.004 - SPLUNK Unauthenticated remote DoS
 
CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers
 
[ MDVSA-2012:172 ] libproxy
 
Intel CEO Paul Otellini will retire as an officer and director of the company in May, ending a four-decade career with the company.
 
[SECURITY] [DSA 2575-1] tiff security update
 
Nokia Siemens Networks and Ballard Power Systems want methanol-powered fuel cells to keep mobile networks running in the event of an electricity outage and are working with NTT DoCoMo to test the technology.
 
Moodle Multiple Security Vulnerabilities
 
Open Flash Chart 'ofc_upload_image.php' Remote PHP Code Execution Vulnerability
 
IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities
 
libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability
 
The U.S. Dept. of Energy, which builds the world's largest supercomputers, is now targeting 2020 to 2022 target for an exascale system, two to four years later than earlier expectations.
 
Hackers have compromised two servers used by the FreeBSD Project to build third-party software packages. Anyone who has installed such packages since Sept. 19 should completely reinstall their machines, the project's security team warned.
 
China's largest search engine Baidu said on Monday the company would provide 30GB of free cloud storage to Android devices built with certain Qualcomm chips, in what's the latest move by the company to carve out a presence in the country's mobile services sector.
 
The next version of Microsoft's SQL Server will allow users to host database tables, or even entire databases, within a server's memory.
 
The vendors behind sync services seem to be more interested in positioning their wares against competitors than in delivering solid services that integrate with a variety of platforms.
 
New containerization technologies can help BYOD initiatives succeed by creating separate spaces on smartphones for work and personal use.
 
Specially designed holistic development plans help tech workers and their employers navigate the choppy waters of IT employment.
 
When an externally available list is spammed with a phishing attack, our manager has to wonder how many such lists exist.
 
Statistical modeling techniques that businesses use to find customers helped quantitative analysts predict the results of this month's U.S. elections with stunning accuracy. Insider (registration required)
 
Over the next three years, AT&T plans to spend $14 billion on capital improvements to its wired and wireless networks.
 
Adobe's schedule for issuing security updates for Flash Player will now coincide Microsoft's Patch Tuesday schedule.
 
Researchers at the University of South Carolina have discovered that some types of electricity meters broadcast unencrypted information that eavesdroppers could use to determine whether a home is occupied or not.
 
Data recovery experts have been kept busy in the wake of Hurricane Sandy, which left a slew of data centers underwater, damaging equipment and threatening a significant loss of business-critical data.
 
A newly discovered trojan uses the Viewer feature of Google's office Docs web application to contact its command-and-control server. Symantec says that Google could prevent this by simply using a firewall


 
Even back in 1982, the astonishing emergence of a large black weather balloon from beneath the field during the annual Harvard-Yale football game was enough to have police officers drawing their guns.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Internet Storm Center Infocon Status